Chromium Code Reviews
chromiumcodereview-hr@appspot.gserviceaccount.com (chromiumcodereview-hr) | Please choose your nickname with Settings | Help | Chromium Project | Gerrit Changes | Sign out
(463)

Issues Search
    My Issues | Starred     Open | Closed | All

Side by Side Diff: net/base/x509_certificate.h

Issue 8342054: net: enable CRL sets behind a command line flag. (Closed) Base URL: svn://svn.chromium.org/chrome/trunk/src
Patch Set: ... Created 9 years, 2 months ago
Use n/p to move between diff chunks; N/P to move between comments. Draft comments are only viewable by you.
Jump to:
View unified diff | Download patch | Annotate | Revision Log
« no previous file with comments | « net/base/ssl_config_service_defaults.cc ('k') | net/base/x509_certificate.cc » ('j') | no next file with comments »
Toggle Intra-line Diffs ('i') | Expand Comments ('e') | Collapse Comments ('c') | Show Comments Hide Comments ('s')
OLDNEW
1 // Copyright (c) 2011 The Chromium Authors. All rights reserved. 1 // Copyright (c) 2011 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be 2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file. 3 // found in the LICENSE file.
4 4
5 #ifndef NET_BASE_X509_CERTIFICATE_H_ 5 #ifndef NET_BASE_X509_CERTIFICATE_H_
6 #define NET_BASE_X509_CERTIFICATE_H_ 6 #define NET_BASE_X509_CERTIFICATE_H_
7 #pragma once 7 #pragma once
8 8
9 #include <string.h> 9 #include <string.h>
10 10
(...skipping 26 matching lines...) Expand all
37 37
38 class Pickle; 38 class Pickle;
39 39
40 namespace crypto { 40 namespace crypto {
41 class StringPiece; 41 class StringPiece;
42 class RSAPrivateKey; 42 class RSAPrivateKey;
43 } // namespace crypto 43 } // namespace crypto
44 44
45 namespace net { 45 namespace net {
46 46
47 class CRLSet;
47 class CertVerifyResult; 48 class CertVerifyResult;
48 49
49 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList; 50 typedef std::vector<scoped_refptr<X509Certificate> > CertificateList;
50 51
51 // X509Certificate represents a X.509 certificate, which is comprised a 52 // X509Certificate represents a X.509 certificate, which is comprised a
52 // particular identity or end-entity certificate, such as an SSL server 53 // particular identity or end-entity certificate, such as an SSL server
53 // identity or an SSL client certificate, and zero or more intermediate 54 // identity or an SSL client certificate, and zero or more intermediate
54 // certificates that may be used to build a path to a root certificate. 55 // certificates that may be used to build a path to a root certificate.
55 class NET_EXPORT X509Certificate 56 class NET_EXPORT X509Certificate
56 : public base::RefCountedThreadSafe<X509Certificate> { 57 : public base::RefCountedThreadSafe<X509Certificate> {
(...skipping 256 matching lines...) Expand 10 before | Expand all | Expand 10 after
313 // The |*verify_result| structure, including the |verify_result->cert_status| 314 // The |*verify_result| structure, including the |verify_result->cert_status|
314 // bitmask, is always filled out regardless of the return value. If the 315 // bitmask, is always filled out regardless of the return value. If the
315 // certificate has multiple errors, the corresponding status flags are set in 316 // certificate has multiple errors, the corresponding status flags are set in
316 // |verify_result->cert_status|, and the error code for the most serious 317 // |verify_result->cert_status|, and the error code for the most serious
317 // error is returned. 318 // error is returned.
318 // 319 //
319 // |flags| is bitwise OR'd of VerifyFlags. 320 // |flags| is bitwise OR'd of VerifyFlags.
320 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation 321 // If VERIFY_REV_CHECKING_ENABLED is set in |flags|, certificate revocation
321 // checking is performed. If VERIFY_EV_CERT is set in |flags| too, 322 // checking is performed. If VERIFY_EV_CERT is set in |flags| too,
322 // EV certificate verification is performed. 323 // EV certificate verification is performed.
324 //
325 // |crl_set| points to an optional CRLSet structure which can be used to
326 // avoid revocation checks over the network.
323 int Verify(const std::string& hostname, 327 int Verify(const std::string& hostname,
324 int flags, 328 int flags,
329 CRLSet* crl_set,
325 CertVerifyResult* verify_result) const; 330 CertVerifyResult* verify_result) const;
326 331
327 // Verifies that |hostname| matches this certificate. 332 // Verifies that |hostname| matches this certificate.
328 // Does not verify that the certificate is valid, only that the certificate 333 // Does not verify that the certificate is valid, only that the certificate
329 // matches this host. 334 // matches this host.
330 // Returns true if it matches. 335 // Returns true if it matches.
331 bool VerifyNameMatch(const std::string& hostname) const; 336 bool VerifyNameMatch(const std::string& hostname) const;
332 337
333 // This method returns the DER encoded certificate. 338 // This method returns the DER encoded certificate.
334 // If the return value is true then the DER encoded certificate is available. 339 // If the return value is true then the DER encoded certificate is available.
(...skipping 74 matching lines...) Expand 10 before | Expand all | Expand 10 after
409 const std::string& cert_common_name, 414 const std::string& cert_common_name,
410 const std::vector<std::string>& cert_san_dns_names, 415 const std::vector<std::string>& cert_san_dns_names,
411 const std::vector<std::string>& cert_san_ip_addrs); 416 const std::vector<std::string>& cert_san_ip_addrs);
412 417
413 // Performs the platform-dependent part of the Verify() method, verifiying 418 // Performs the platform-dependent part of the Verify() method, verifiying
414 // this certificate against the platform's root CA certificates. 419 // this certificate against the platform's root CA certificates.
415 // 420 //
416 // Parameters and return value are as per Verify(). 421 // Parameters and return value are as per Verify().
417 int VerifyInternal(const std::string& hostname, 422 int VerifyInternal(const std::string& hostname,
418 int flags, 423 int flags,
424 CRLSet* crl_set,
419 CertVerifyResult* verify_result) const; 425 CertVerifyResult* verify_result) const;
420 426
421 // The serial number, DER encoded. 427 // The serial number, DER encoded.
422 // NOTE: keep this method private, used by IsBlacklisted only. To simplify 428 // NOTE: keep this method private, used by IsBlacklisted only. To simplify
423 // IsBlacklisted, we strip the leading 0 byte of a serial number, used to 429 // IsBlacklisted, we strip the leading 0 byte of a serial number, used to
424 // encode a positive DER INTEGER (a signed type) with a most significant bit 430 // encode a positive DER INTEGER (a signed type) with a most significant bit
425 // of 1. Other code must not use this method for general purpose until this 431 // of 1. Other code must not use this method for general purpose until this
426 // is fixed. 432 // is fixed.
427 const std::string& serial_number() const { return serial_number_; } 433 const std::string& serial_number() const { return serial_number_; }
428 434
(...skipping 52 matching lines...) Expand 10 before | Expand all | Expand 10 after
481 // (Marked mutable because it's used in a const method.) 487 // (Marked mutable because it's used in a const method.)
482 mutable base::Lock verification_lock_; 488 mutable base::Lock verification_lock_;
483 #endif 489 #endif
484 490
485 DISALLOW_COPY_AND_ASSIGN(X509Certificate); 491 DISALLOW_COPY_AND_ASSIGN(X509Certificate);
486 }; 492 };
487 493
488 } // namespace net 494 } // namespace net
489 495
490 #endif // NET_BASE_X509_CERTIFICATE_H_ 496 #endif // NET_BASE_X509_CERTIFICATE_H_
OLDNEW
« no previous file with comments | « net/base/ssl_config_service_defaults.cc ('k') | net/base/x509_certificate.cc » ('j') | no next file with comments »

Powered by Google App Engine
This is Rietveld 408576698